Anonymous Single-Sign-On for n designated services with traceability

Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude which each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole services access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation.Comment: 3

Anonymous single sign-on schemes transformed from group signatures

Single Sign-on (SSO) allows a user to obtain a single credential from a Trusted Third Party (TTP) once and then authenticates himself/herself to different service providers by using the same credential. Though different SSO schemes have been obtained from various primitives, user anonymity has not yet been studied formally. Motivated by the fact that anonymity is a very essential security requirement in certain scenarios, in this paper we first formalize a security model of anonymous single-sign on (ASSO). Subsequently, we present a generic ASSO scheme which is transformed from group signatures. Formal proofs are provided to show that the proposed ASSO is secure under the assumption that the underlying group signature is secure according to Bell are et al.\u27s model introduced at CT-RSA 2005. Compared to existing SSO schemes, our transformation not only implements the user\u27s anonymity, but also reduces the trust level in TTP